This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication
- From: "Jeffrey Lightner" <jclightner at copper dot net>
- To: "Achim Gratz" <Stromeko at nexgo dot de>
- Cc: <cygwin at cygwin dot com>
- Date: Tue, 6 Sep 2016 11:39:01 -0700
- Subject: Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication
- Authentication-results: sourceware.org; auth=none
- Reply-to: <jclightner at copper dot net>
Thanks.
I've done the passwd -R and re-established the trust. Once the user retests with the trust I'll let you know how it goes.
The comment in the article about only System users being able to list the registry entries doesn't mean it will ignore the "passwd -R" done for a non-Administrative user (by an Administrative account of course) does it? At present the remote Windows user is a local Administrative user but of course we plan to lock that down some after other testing pans out.
--- Stromeko@nexgo.de wrote:
From: Achim Gratz <Stromeko@nexgo.de>
To: cygwin@cygwin.com
Subject: Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication
Date: Tue, 06 Sep 2016 19:59:47 +0200
Jeffrey Lightner writes:
> The weirdness is that this failure only occurs when we call it using
> ssh trust to make the connection. If we make the connection without a
> trust so that it prompts for the OS level password the bat file then
> executes correctly including its application level login.
That most likely means that this application needs network access. If
you log in via public key and don't have a password stored in registry
via 'passwd -R' and cygserver running to use it, then you won't have any
access rights to non-local resources.
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
If all you need is indeed to run one script, you might alternatively be
able to set up a service that starts under a network user and just runs
that script when triggered by your remote user login in via ssh.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf Q+, Q and microQ:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple